Redirecting All Traffic to HTTPS
Once your SSL certificate is active, you should ensure all visitors are using the secure HTTPS version of your site. Without a redirect, visitors who type your domain without "https://" or follow old HTTP links will see the insecure version.
Method 1: Force HTTPS via .htaccess
The most reliable method is to add a redirect rule to your .htaccess file:
- Log in to cPanel and open File Manager.
- Navigate to your public_html directory (or the document root for your domain).
- Find and edit the .htaccess file. If it does not exist, create one.
- Add the following code at the very top of the file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Method 2: Force HTTPS in WordPress
If you are running WordPress, you should also update your site URLs:
- Log in to your WordPress admin panel.
- Go to Settings > General.
- Change both WordPress Address (URL) and Site Address (URL) from http:// to https://.
- Click Save Changes.
Additionally, install the Really Simple SSL plugin, which handles redirects and fixes common HTTPS issues automatically.
Method 3: Force HTTPS via Cloudflare
If your site uses Cloudflare:
- Log in to your Cloudflare dashboard.
- Go to SSL/TLS > Edge Certificates.
- Enable Always Use HTTPS.
Cloudflare will automatically redirect all HTTP requests to HTTPS at their edge servers.
Verifying Your HTTPS Redirect
- Visit http://yourdomain.co.uk and confirm it redirects to https://yourdomain.co.uk.
- Check both the www and non-www versions.
- Use an online redirect checker tool to verify the redirect is a 301 (permanent) redirect, not a 302 (temporary).
- Check for mixed content warnings in your browser's developer console (see our separate guide on fixing mixed content).
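The checks in the list above can also be scripted. The following is an added example, not part of the original guide: audit_redirect, fetch_first_hop and the sample responses are hypothetical names and constructed data. It inspects the first response to a plain-HTTP request and reports anything that differs from what the .htaccess rule should produce (a 301 to https:// on the same host and path).

```python
import http.client
from urllib.parse import urlsplit


def _bare(host):
    # Lower-case a hostname and drop a leading "www." for comparison.
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def audit_redirect(requested_url, status, location):
    """Return a list of problems with one redirect response (empty = OK)."""
    problems = []
    if status != 301:
        problems.append(f"status {status} is not a 301 permanent redirect")
    if not location:
        return problems + ["no Location header: the page was served over HTTP"]
    src, dst = urlsplit(requested_url), urlsplit(location)
    if dst.scheme != "https":
        problems.append(f"Location {location!r} is not an https:// URL")
    # The rule reuses %{HTTP_HOST}; only a www/non-www change is tolerated.
    if dst.hostname and _bare(dst.hostname) != _bare(src.hostname):
        problems.append(f"redirects to a different host: {dst.hostname}")
    # %{REQUEST_URI} should carry the original path across unchanged.
    if (dst.path or "/") != (src.path or "/"):
        problems.append(f"path changed from {src.path or '/'} to {dst.path or '/'}")
    return problems


def fetch_first_hop(url, timeout=10):
    """Send a HEAD request over plain HTTP without following redirects."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


SAMPLES = [  # constructed responses, not captured from a real site
    ("http://yourdomain.co.uk/shop", 301, "https://yourdomain.co.uk/shop"),
    ("http://www.yourdomain.co.uk/", 302, "https://www.yourdomain.co.uk/"),
    ("http://yourdomain.co.uk/", 200, None),
]
if __name__ == "__main__":
    for url, status, location in SAMPLES:
        print(url, "->", audit_redirect(url, status, location) or "OK")
```

To test a live site, pass the result of fetch_first_hop(url) to audit_redirect for both the www and non-www HTTP addresses.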